- Published on
-
Dec 14, 2024
- Research Description
-
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getResumeFileDownloadById() function in all versions up to, and including, 2.2.2. This makes it possible for unauthenticated attackers to download other users resumes.
- Affected versions
-
Min -, max 2.2.3.
| Previous vulnerability researches |
|
WP Job Portal – A Complete Job Board
(CVE-2024-11711)
, Dec 15, 2024
|
|
WP Job Portal – A Complete Job Board
(CVE-2024-35759)
, Jun 22, 2024
|
|
WP Job Portal – A Complete Job Board
(CVE-2024-35760)
, Jun 22, 2024
|
|
WP Job Portal – A Complete Job Board
(CVE-2024-11714)
, Dec 15, 2024
|
|
WP Job Portal – A Complete Job Board
(CVE-2024-11710)
, Dec 15, 2024
|
| New vulnerability |
|
SKT Page Builder
(CVE-2024-12848)
, Jan 10, 2025
|
|
Deliver via Shipos for WooCommerce
(CVE-2024-12222)
, Jan 10, 2025
|
|
SEMA API
(CVE-2024-12285)
, Jan 10, 2025
|
|
Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination
(CVE-2024-11642)
, Jan 10, 2025
|
|
Yumpu ePaper publishing
(CVE-2024-12621)
, Jan 10, 2025
|